package com.qingfeng.base.secuity;

import com.qingfeng.client.dao.SellerMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Author:zhangyuefei
 * @Date:2019/9/6 14:31
 */

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //修改sameSite的值，默认是lax存在问题
//    @Bean
//    public CookieSerializer httpSessionIdResolver(){
//        DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
//        cookieSerializer.setCookieName("JSESSIONID");
//        cookieSerializer.setUseHttpOnlyCookie(true);
//        cookieSerializer.setSameSite("None");
//        cookieSerializer.setUseSecureCookie(false);
//        return cookieSerializer;
//    }


    @Autowired
    private MyAuthenticationProvider authenticationProvider;

    @Autowired
    private MyAccessDeniedHandlerimplements myAccessDeniedHandlerimplements;

    @Autowired
    private SellerMapper userMapper;

    @Value("${wrongCounts}")
    private int wrongCounts;

    /**
     * 用户认证
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // TODO Auto-generated method stub
        auth.authenticationProvider(authenticationProvider);
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {


        http.authorizeRequests()
                .antMatchers("/static/**","/css/**","/js/**", "/index","/cgi/system/getVersion").permitAll()
//                swagger的升级版knife4j
                .antMatchers("/","/doc.html","/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**").permitAll()
//                .antMatchers("/user/**").permitAll()
                .anyRequest().access("@rbacService.hasPermission(request,authentication)")//所有url权限过滤
                ;
        http.formLogin().loginPage("/login_p")
                .loginProcessingUrl("/login")
                .successForwardUrl("/loginSuccessHandler").permitAll()//登录成功之后转发处理
//                    .failureForwardUrl("/loginFailureHandler")//登录失败之后转发处理
                .failureHandler(new MyAuthFailureHandler(userMapper,wrongCounts))
                .permitAll()
                .and()
                .logout().logoutUrl("/logout")
                .logoutSuccessUrl("/logoutSuccess").permitAll()
                .and().cors()
        .and().csrf().disable();

//        未授权处理
        http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandlerimplements);

    }


//    @Bean
//    public CorsFilter corsFilter() {
//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//
//        CorsConfiguration corsConfiguration = new CorsConfiguration();
//        corsConfiguration.addAllowedOrigin("*");
//        corsConfiguration.addAllowedHeader("*");
//        corsConfiguration.addAllowedMethod("*");
//        corsConfiguration.setAllowCredentials(true);
//        source.registerCorsConfiguration("/**", corsConfiguration);
//        return new CorsFilter(source);
//    }



}
